v0.0.26-rc2

What’s Changed

• packet filter: notable performance improvements
• nftables: bug fixes + configurable hooks + custom priorities
• improved service management and error handling
• the release contains more target platforms, static binaries only
• bug fixes and reworking of the packaging and install scripts
• require go 1.20, build with 1.20.3

Full list:

• Fix build typo (#255) @mmetc
• Fix freebsd build with stubs (#254) @mmetc
• CI: codeql v2 (#253) @mmetc
• Add config to set priority of nftables chain (#213) @sbs2001
• Fix nftables mode for ipv4 only / ipv6 only (#252) @mmetc
• Add fixture for functional tests with docker (#242) @mmetc
• Split code in packages for pkg/ and cmd/ (#251) @mmetc
• Update install/uninstall scripts (#247) @mmetc
• Add hook to metrics (#250) @mmetc
• CI: Rewrote the release workflow (#246) @mmetc
• non-blocking stream bouncer (#240) @mmetc
• Install.sh: support suse/zypper (#245) @mmetc
• Increase file limit in systemd unit (#244) @mmetc
• Batch packet filter (#237) @mmetc
• Run tests with pytest, rename test directory, unify build/test/lint workflow (#241) @mmetc
• Update go.mod for stable versions and cve (#235) @mmetc
• Require go 1.20 (#234) @mmetc
• Nftables: Add configurable hooks (#231) @Xyaren
• make clean: remove debian/ artifacts (#226) @mmetc
• restart service from systemd (#225) @mmetc

v0.0.25

What’s Changed

• fix Makefile by getting rid of quotes in variables (#222) @sabban
• Allow to configure max number of elements in ipset set (#220) @blotus
• fix support for .yaml.local (#219) @mmetc
• read go version from runtime pkg; don't use -X (#218) @mmetc
• make ipset type configurable (#211) @jakobwenzel
• make: accept BUILD_VENDOR_FLAGS (#209) @mmetc
• support crowdsec-firewall-bouncer.yaml.local (#196) @mmetc
• lint/shellharden postinstall scripts, removed bash dependency, look for cscli in $PATH (#205) @mmetc
• build static release, removed PID_DIR (#208) @mmetc
• update go.mod to reflect the InsecureSkipVerify fix (#206) @sabban
• Fix metrics when LOG action is on (#204) @sbs2001
• Measure dropped packets (#199) @sbs2001
• install/upgrade/uninstall -> posix sh (#198) @mmetc
• Variable supportedDecisionsTypes private (#203) @LaurenceJJones
• golangci-lint 1.49 and related fixes (#200) @mmetc
• updated/enabled/sorted linters; whitespace for readability (#195) @mmetc
• install.sh: fix iptables detection (#183) @freeekanayaka
• cap ban duration when it is too long for ipset (#184) @blotus
• add support for TLS auth (#188) @blotus
• fix ipv6 set-only nftables init (#181) @buixor
• add some lint checks and error wrapping (#174) @mmetc
• unify version flag with other bouncer and crowdsec (#180) @AlteredCoder

v0.0.25-rc4

What’s Changed

• fix Makefile by getting rid of quotes in variables (#222) @sabban
• Allow to configure max number of elements in ipset set (#220) @blotus
• fix support for .yaml.local (#219) @mmetc
• read go version from runtime pkg; don't use -X (#218) @mmetc
• make ipset type configurable (#211) @jakobwenzel
• make: accept BUILD_VENDOR_FLAGS (#209) @mmetc
• support crowdsec-firewall-bouncer.yaml.local (#196) @mmetc
• lint/shellharden postinstall scripts, removed bash dependency, look for cscli in $PATH (#205) @mmetc
• build static release, removed PID_DIR (#208) @mmetc
• update go.mod to reflect the InsecureSkipVerify fix (#206) @sabban
• Fix metrics when LOG action is on (#204) @sbs2001
• Measure dropped packets (#199) @sbs2001
• install/upgrade/uninstall -> posix sh (#198) @mmetc
• Variable supportedDecisionsTypes private (#203) @LaurenceJJones
• golangci-lint 1.49 and related fixes (#200) @mmetc
• updated/enabled/sorted linters; whitespace for readability (#195) @mmetc
• install.sh: fix iptables detection (#183) @freeekanayaka
• cap ban duration when it is too long for ipset (#184) @blotus
• add support for TLS auth (#188) @blotus
• fix ipv6 set-only nftables init (#181) @buixor
• add some lint checks and error wrapping (#174) @mmetc
• unify version flag with other bouncer and crowdsec (#180) @AlteredCoder

v0.0.25-rc3

What’s Changed

• Allow to configure max number of elements in ipset set (#220) @blotus
• fix support for .yaml.local (#219) @mmetc
• read go version from runtime pkg; don't use -X (#218) @mmetc
• make ipset type configurable (#211) @jakobwenzel
• make: accept BUILD_VENDOR_FLAGS (#209) @mmetc
• support crowdsec-firewall-bouncer.yaml.local (#196) @mmetc
• lint/shellharden postinstall scripts, removed bash dependency, look for cscli in $PATH (#205) @mmetc
• build static release, removed PID_DIR (#208) @mmetc
• update go.mod to reflect the InsecureSkipVerify fix (#206) @sabban
• Fix metrics when LOG action is on (#204) @sbs2001
• Measure dropped packets (#199) @sbs2001
• install/upgrade/uninstall -> posix sh (#198) @mmetc
• Variable supportedDecisionsTypes private (#203) @LaurenceJJones
• golangci-lint 1.49 and related fixes (#200) @mmetc
• updated/enabled/sorted linters; whitespace for readability (#195) @mmetc
• install.sh: fix iptables detection (#183) @freeekanayaka
• cap ban duration when it is too long for ipset (#184) @blotus
• add support for TLS auth (#188) @blotus
• fix ipv6 set-only nftables init (#181) @buixor
• add some lint checks and error wrapping (#174) @mmetc
• unify version flag with other bouncer and crowdsec (#180) @AlteredCoder

v0.0.25-rc2

What’s Changed

• update go.mod to reflect the InsecureSkipVerify fix (#206) @sabban
• Fix metrics when LOG action is on (#204) @sbs2001
• Measure dropped packets (#199) @sbs2001
• install/upgrade/uninstall -> posix sh (#198) @mmetc
• Variable supportedDecisionsTypes private (#203) @LaurenceJJones
• golangci-lint 1.49 and related fixes (#200) @mmetc
• updated/enabled/sorted linters; whitespace for readability (#195) @mmetc
• install.sh: fix iptables detection (#183) @freeekanayaka
• cap ban duration when it is too long for ipset (#184) @blotus
• add support for TLS auth (#188) @blotus
• fix ipv6 set-only nftables init (#181) @buixor
• add some lint checks and error wrapping (#174) @mmetc
• unify version flag with other bouncer and crowdsec (#180) @AlteredCoder

v0.0.25-rc1

What’s Changed

• install.sh: fix iptables detection (#183) @freeekanayaka
• cap ban duration when it is too long for ipset (#184) @blotus
• add support for TLS auth (#188) @blotus
• fix ipv6 set-only nftables init (#181) @buixor
• add some lint checks and error wrapping (#174) @mmetc
• unify version flag with other bouncer and crowdsec (#180) @AlteredCoder

v0.0.24

What’s Changed

• update CI to go 1.18 (#179) @he2ss
• add matrix to build add multi arch binaries (#177) @he2ss
• Start the firewall bouncer before netfilter-persistent service (#170) @AlteredCoder
• fix logging for nftables (#169) @buixor

v0.0.23

What’s Changed

• fix #164 : Ensure service is enabled for rpm-based packages (#165) @buixor
• debian/.gitignore (#162) @mmetc
• fix the startup failure dance (#163) @buixor
• fix typo in configuration (#161) @AlteredCoder
• Set api url to 127.0.0.1 instead of localhost (#158) @AlteredCoder
• restrict crowdsec-firewall-bouncer.yaml permissions (#157) @mmetc
• Add func tests for iptables (#146) @sbs2001
• dep on ipset-libs (#152) @sabban
• improve port management as well for rpm (#148) @sabban
• take care of port detection at install/configuration time when cscli is present (#144) @sabban
• doesn't do what you thought it does (#145) @mmetc
• fix the scenario of upgrade : backward compat (#138) @buixor
• pf: default to no anchor (#142) @mmetc
• git tag detection (#143) @mmetc
• pf: flush IP state in Add() (#140) @mmetc
• restore legacy default blacklist name for ipv4 (#139) @mmetc
• use anchor with pfctl (optional, enabled by default) (#132) @mmetc
• cleanup nftables and prep for pf (#134) @buixor
• reduce pass-through method verbosity (#137) @mmetc
• Fix functests (#136) @mmetc
• fix build for missing github dependency (#135) @sabban
• Minor fixes (#131) @buixor
• fix non linux build (#133) @buixor
• Speed up nftables via batching (#115) @sbs2001
• Add functional tests (#123) @sbs2001
• Configurable logging (#129) @buixor
• Ensure service is enabled (#128) @buixor
• Fix "make static" missing most of ldflags (#126) @mmetc
• Nftables: configurable table/chain/blacklist names & hierarchical YAML config. fixes #74 (#111) @jarppiko
• Codeql CI (#122) @mmetc
• Fix #119 (configuration test) (#121) @mmetc
• Reduce else/branch count (#117) @mmetc
• Add golangci-lint (#116) @mmetc
• Write decision/decisions according to # of items, without quotes (#110) @mmetc
• Add InsecureSkipVerify option (#149) @woopstar

v0.0.23-rc4

What’s Changed

• fix #164 : Ensure service is enabled for rpm-based packages (#165) @buixor
• debian/.gitignore (#162) @mmetc
• fix the startup failure dance (#163) @buixor
• fix typo in configuration (#161) @AlteredCoder
• Set api url to 127.0.0.1 instead of localhost (#158) @AlteredCoder
• restrict crowdsec-firewall-bouncer.yaml permissions (#157) @mmetc
• Add func tests for iptables (#146) @sbs2001
• dep on ipset-libs (#152) @sabban
• improve port management as well for rpm (#148) @sabban
• take care of port detection at install/configuration time when cscli is present (#144) @sabban
• doesn't do what you thought it does (#145) @mmetc
• fix the scenario of upgrade : backward compat (#138) @buixor
• pf: default to no anchor (#142) @mmetc
• git tag detection (#143) @mmetc
• pf: flush IP state in Add() (#140) @mmetc
• restore legacy default blacklist name for ipv4 (#139) @mmetc
• use anchor with pfctl (optional, enabled by default) (#132) @mmetc
• cleanup nftables and prep for pf (#134) @buixor
• reduce pass-through method verbosity (#137) @mmetc
• Fix functests (#136) @mmetc
• fix build for missing github dependency (#135) @sabban
• Minor fixes (#131) @buixor
• fix non linux build (#133) @buixor
• Speed up nftables via batching (#115) @sbs2001
• Add functional tests (#123) @sbs2001
• Configurable logging (#129) @buixor
• Ensure service is enabled (#128) @buixor
• Fix "make static" missing most of ldflags (#126) @mmetc
• Nftables: configurable table/chain/blacklist names & hierarchical YAML config. fixes #74 (#111) @jarppiko
• Codeql CI (#122) @mmetc
• Fix #119 (configuration test) (#121) @mmetc
• Reduce else/branch count (#117) @mmetc
• Add golangci-lint (#116) @mmetc
• Write decision/decisions according to # of items, without quotes (#110) @mmetc
• Add InsecureSkipVerify option (#149) @woopstar

v0.0.23-rc3

What’s Changed

• improve port management as well for rpm (#148) @sabban
• take care of port detection at install/configuration time when cscli is present (#144) @sabban
• doesn't do what you thought it does (#145) @mmetc
• fix the scenario of upgrade : backward compat (#138) @buixor
• pf: default to no anchor (#142) @mmetc
• git tag detection (#143) @mmetc
• pf: flush IP state in Add() (#140) @mmetc
• restore legacy default blacklist name for ipv4 (#139) @mmetc
• use anchor with pfctl (optional, enabled by default) (#132) @mmetc
• cleanup nftables and prep for pf (#134) @buixor
• reduce pass-through method verbosity (#137) @mmetc
• Fix functests (#136) @mmetc
• fix build for missing github dependency (#135) @sabban
• Minor fixes (#131) @buixor
• fix non linux build (#133) @buixor
• Speed up nftables via batching (#115) @sbs2001
• Add functional tests (#123) @sbs2001
• Configurable logging (#129) @buixor
• Ensure service is enabled (#128) @buixor
• Fix "make static" missing most of ldflags (#126) @mmetc
• Nftables: configurable table/chain/blacklist names & hierarchical YAML config. fixes #74 (#111) @jarppiko
• Codeql CI (#122) @mmetc
• Fix #119 (configuration test) (#121) @mmetc
• Reduce else/branch count (#117) @mmetc
• Add golangci-lint (#116) @mmetc
• Write decision/decisions according to # of items, without quotes (#110) @mmetc
• Add InsecureSkipVerify option (#149) @woopstar